Securely protecting computer backups of data continues to be an area full of security concerns. When created, backups typically need to be stored in a format that can be restored at an unknown later date. Many things can change in the computer environment during the period between backup and restore, such as: changing or updating of operating system, changing of hardware components (hard drives, motherboards, network cards, etc.), virtualization of systems, changing of user IDs and passwords, etc. The ever-changing environment makes it difficult to backup computer data in a way that can be restored at a later date.
To avoid additional restore complications, many computer backups are created with no or limited security protection. Even if security is enabled, the IT administrators may have access to all the keys and therefore access to the data in a decrypted form. In the case of critical/classified protected data, IT administrators may not be authorized to access such data, and creating a useable system that protects the critical/classified data from IT administrator access becomes a difficult task.
Classified and other secure environments also impose chain of custody, accounting, and policy restrictions. These restrictions can prohibit creating copies of critical data unless the critical data is destroyed from a transferring system or device upon transfer of a copy to a receiving system or device, making it difficult to robustly protect critical data for restoration.